P2P and P2P botnet traffic classification in two stages

Accurate classification of P2P traffic has become increasingly important for network management. It is equally important to separate P2P botnet traffic from legitimate P2P traffic, so that P2P malware can be found and P2P botnets detected promptly. Port-based, signature-based, pattern-based and statistics-based methods have all been proposed for classifying P2P and P2P botnet traffic, but no single method classifies both accurately. In this paper we propose a hybrid traffic classifier composed of two stages. The first stage is a P2P traffic classifier that works in two steps: in the first step a signature-based classifier is combined with connection heuristics, and in the second step a statistics-based classifier, built with the REPTree decision-tree algorithm, is compensated by pattern heuristics. The second stage is a P2P botnet traffic classifier that separates P2P botnet traffic from other P2P traffic. Verification analysis and experiments on real datasets show that the proposed scheme has low overhead and reaches a flow accuracy of 97.70% and a byte accuracy of 97.06% when classifying P2P and P2P botnet traffic.
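The pipeline the abstract describes, as an added illustration that is not the paper's code: signature match and connection heuristic first, then a flow-statistics decision tree whose "web" verdicts a pattern heuristic can override, then a second stage that picks botnet hosts out of the P2P set, and finally the two metrics the abstract reports (flow accuracy and byte accuracy). The BitTorrent handshake prefix is a real wire string; the dual-protocol connection heuristic, the fan-out pattern heuristic, the two-split tree standing in for the trained REPTree, the beaconing test in stage two, every threshold, and the sample flows are all assumptions made for this example, not details taken from the paper.

```python
"""Two-stage P2P / P2P-botnet flow classifier, an illustration of the pipeline in the
abstract.  Heuristics, thresholds, the hand-written tree and the flows are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    pkts: int
    nbytes: int
    payload: bytes  # first payload bytes seen on the flow
    start: float    # flow start time in seconds
    truth: str      # ground-truth label: "web", "p2p" or "p2p-bot"


SIGNATURES = {b"\x13BitTorrent protocol": "p2p"}  # real BitTorrent handshake prefix
FANOUT_PEERS = 3   # assumed: distinct peers that mark a host as P2P (pattern heuristic)
BEACON_CV = 0.1    # assumed: gap regularity below which a P2P host is treated as a bot


def signature_step(flow):
    """Stage 1, step 1a: payload signature match."""
    for sig, label in SIGNATURES.items():
        if flow.payload.startswith(sig):
            return label
    return None


def dual_protocol_endpoints(flows):
    """Stage 1, step 1b (assumed heuristic): endpoints using one port over both TCP and UDP."""
    protos = defaultdict(set)
    for f in flows:
        protos[(f.src, f.sport)].add(f.proto)
        protos[(f.dst, f.dport)].add(f.proto)
    return {ep for ep, seen in protos.items() if {"tcp", "udp"} <= seen}


def statistics_step(flow):
    """Stage 1, step 2a: two-split tree on flow statistics, a stand-in for the trained REPTree."""
    if flow.nbytes / flow.pkts < 300 and flow.pkts >= 10:  # many small packets: control chatter
        return "p2p"
    return "web"


def stage1(flows):
    dual = dual_protocol_endpoints(flows)
    peers = defaultdict(set)
    for f in flows:
        peers[f.src].add(f.dst)
    labels = []
    for f in flows:
        label = signature_step(f)
        if label is None and ((f.src, f.sport) in dual or (f.dst, f.dport) in dual):
            label = "p2p"
        if label is None:
            label = statistics_step(f)
            if label == "web" and len(peers[f.src]) >= FANOUT_PEERS:
                label = "p2p"  # step 2b: the pattern heuristic compensates the tree
        labels.append(label)
    return labels


def stage2(flows, labels):
    """Assumed botnet test: a P2P host whose flow-start gaps are nearly constant is beaconing."""
    starts = defaultdict(list)
    for f, label in zip(flows, labels):
        if label == "p2p":
            starts[f.src].append(f.start)
    bots = set()
    for host, ts in starts.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < BEACON_CV:
            bots.add(host)
    return ["p2p-bot" if l == "p2p" and f.src in bots else l for f, l in zip(flows, labels)]


def classify(flows):
    return stage2(flows, stage1(flows))


def flow_and_byte_accuracy(flows, labels):
    """Fraction of flows, and fraction of bytes, carrying the correct label."""
    hits = [f for f, l in zip(flows, labels) if l == f.truth]
    return len(hits) / len(flows), sum(f.nbytes for f in hits) / sum(f.nbytes for f in flows)


TLS = b"\x16\x03\x01"
SAMPLE_FLOWS = [  # constructed sample, not captured data
    Flow("10.0.0.5", "93.184.216.34", "tcp", 51000, 443, 40, 52000, TLS, 0.0, "web"),
    Flow("10.0.0.5", "93.184.216.35", "tcp", 51001, 443, 12, 9000, TLS, 1.0, "web"),
    Flow("10.0.0.5", "93.184.216.34", "tcp", 51002, 443, 20, 4000, b"GET /poll", 3.0, "web"),
    Flow("10.0.0.7", "198.51.100.10", "tcp", 6881, 6881, 200, 260000, b"\x13BitTorrent protocol", 2.0, "p2p"),
    Flow("10.0.0.7", "198.51.100.11", "udp", 6881, 6881, 30, 4500, b"d1:ad2:id20:", 2.5, "p2p"),
    Flow("10.0.0.7", "198.51.100.12", "tcp", 50010, 40123, 15, 2400, b"", 5.0, "p2p"),
    Flow("10.0.0.7", "198.51.100.13", "tcp", 50011, 40124, 3, 2100, b"", 8.0, "p2p"),
    Flow("10.0.0.9", "203.0.113.20", "udp", 4000, 4000, 12, 1200, b"\x00\x01", 100.0, "p2p-bot"),
    Flow("10.0.0.9", "203.0.113.21", "udp", 4000, 4000, 12, 1200, b"\x00\x01", 160.0, "p2p-bot"),
    Flow("10.0.0.9", "203.0.113.22", "udp", 4000, 4000, 12, 1200, b"\x00\x01", 220.0, "p2p-bot"),
    Flow("10.0.0.9", "203.0.113.23", "udp", 4000, 4000, 12, 1200, b"\x00\x01", 280.0, "p2p-bot"),
]

if __name__ == "__main__":
    out = classify(SAMPLE_FLOWS)
    for f, l in zip(SAMPLE_FLOWS, out):
        print(f"{f.src} -> {f.dst}:{f.dport}/{f.proto}  truth={f.truth:7}  label={l}")
    print("flow accuracy %.4f, byte accuracy %.4f" % flow_and_byte_accuracy(SAMPLE_FLOWS, out))
```

On the constructed sample the long-polling web flow (20 small packets) fools the statistics step and is labelled P2P, so flow accuracy is 10/11 while byte accuracy stays above 0.98 because the misclassified flow is tiny; the gap between the two metrics is exactly why the abstract reports both. The small 3-packet torrent flow shows the compensation path: the tree calls it "web", and the fan-out pattern heuristic corrects it.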
